The last 64 bytes of the Windows PRNG “Seed” registry key hold a unique hash used to seed the CryptoAPI PRNG. However, that registry key value is 76 bytes long. What do the first 12 bytes hold?

The seed bytes change after every reboot, but the first 12 bytes never change. I tried deleting them and then rebooting, but the system restored exactly the same first 12 bytes. Is there any security risk from an attacker managing to read those 12 bytes? I assume the seed is used in bitcoin private key generation, and those 12 bytes must have some relationship to the seed.

It says in the quote that only the last 64 bytes are used to seed the CSPRNG, so what is there to worry about? The first 12 bytes that remain constant aren't used to seed the CSPRNG. Maybe they serve some other purpose.

Although they aren't used to seed the CSPRNG, they must be related to it, or they wouldn't be included in that registry key value. If the twelve bytes represent the differing entropy sources found and used on a particular computer, there might be a security risk if an attacker reads them. On the other hand, they might represent a unique identifier, in which case it doesn't matter if an attacker reads them.

I'm probably worrying about nothing, but I'd like to know WTF they are for.

It's certainly a good question, and I don't know the answer off the top of my head. The best I could find relating to Microsoft's decision on this subject was a claim that they follow the NIST guidelines 800-90A outlined in this doc: http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf. However, given Microsoft's recent track record with security, I would say their standards compliance is questionable. I don't have enough information to determine if it is due to coercion, malice, or negligence.

Luckily Bitcoin running on WIN32 uses OpenSSL in addition to the OS random function to generate a key. Check out this block of code: